Vulmon Recent Vulnerabilities Trends Blog About Contact

Recent vulnerabilities and exploits

NA
CVE-2021-2109
Weblogic Remote Code Execution involving HTTP protocol and JNDI injection gadget...
NA
CVE-2021-3114
crypto/elliptic: incorrect operations on the P-224 curve. The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult. The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages support...
NA
CVE-2021-3115
cmd/go: packages using cgo can cause arbitrary code execution at build time. The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running “go get”, or any other command that builds code. Only users who build...
NA
CVE-2020-27852
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor,...
NA
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section....
NA
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted...
NA
CVE-2020-27850
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role...
NA
CVE-2020-13134
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to...
NA
CVE-2020-13133
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments...
NA
CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-25175template injectionspoofCVE-2021-21251physicalCVE-2020-28482CVE-2021-1682CVE-2021-0208CVE-2021-3113